
Re: HACKALERT - partman-crypto-placeholder (was: d-i memory requirements)



On Sun, Jul 02, 2006 at 12:07:51AM +0200, Frans Pop wrote:
On Saturday 01 July 2006 23:27, David Härdeman wrote:
Cool idea, but perhaps partman-crypto could be modified to do the same,
and the dependencies from partman-crypto on partman-crypto-loop and
partman-crypto-dm could be dropped (and anna-install used during
runtime instead)?

Hmm, yes. Should work too and is simpler (especially less risk of
mistakes in the future as no code duplication is needed).
It still does mean that the default priority of the packages needs to be
changed with only partman-crypto at "standard" priority.

OK, I've attached a first stab at this. Since the udebs are automatically pulled in right now, it's pretty hard to test that the patch is OK, but I've at least built a d-i image and done a crypto install with it, so it doesn't break that particular setup.

Index: choose_method/crypto/do_option
===================================================================
--- choose_method/crypto/do_option	(revision 38686)
+++ choose_method/crypto/do_option	(working copy)
@@ -11,14 +11,7 @@
 rm -f $part/use_filesystem
 rm -f $part/format
 
-# Set defaults
-if [ -d /lib/partman/ciphers/dm-crypt ]; then
-	echo dm-crypt > $part/crypto_type
-	crypto_set_defaults $part dm-crypt
-elif [ -d /lib/partman/ciphers/loop-AES ]; then
-	echo loop-AES > $part/crypto_type
-	crypto_set_defaults $part loop-AES
-else
-	exit 1
-fi
+# Set defaults (this also downloads additional components)
+crypto_set_defaults $part dm-crypt || exit 1
+echo dm-crypt > $part/crypto_type
 echo crypto > $part/method
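Review bot: The `|| exit 1` on the added line fires after the partition directory has already been altered: `use_filesystem` and `format` are removed in the context lines above, and per the crypto_tools.sh hunks in this patch crypto_set_defaults writes `cipher`, `keysize` and `ivalgorithm` before it tries to fetch partman-crypto-dm. A failed download, which is now an ordinary runtime condition, therefore leaves `$part` holding crypto defaults but no `crypto_type` or `method`. Fetching the component before anything is changed would avoid that, for example `crypto_load_udebs partman-crypto-dm || exit 1` ahead of the `rm -f` lines. The script begins outside this hunk, so any earlier state changes are not visible here.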
Index: debian/control
===================================================================
--- debian/control	(revision 38686)
+++ debian/control	(working copy)
@@ -1,6 +1,6 @@
 Source: partman-crypto
 Section: debian-installer
-Priority: standard
+Priority: optional
 Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
 Uploaders: Max Vozeler <xam@debian.org>
 Build-Depends: debhelper (>= 5.0.25), po-debconf (>= 0.5.0)
@@ -8,17 +8,18 @@
 Package: partman-crypto
 XC-Package-Type: udeb
 Architecture: any
-Depends: partman-base (>= 87), partman-crypto-dm, partman-crypto-loop, cdebconf-newt-entropy (>= 0.3), ${shlibs:Depends}, ${misc:Depends}
+Priority: standard
+Depends: partman-base (>= 87), ${shlibs:Depends}, ${misc:Depends}
 Description: Add to partman support for block device encryption
 
 Package: partman-crypto-dm
 XC-Package-Type: udeb
 Architecture: all
-Depends: partman-crypto, crypto-modules, cryptsetup-udeb
+Depends: partman-crypto, crypto-modules, cryptsetup-udeb, cdebconf-newt-entropy (>= 0.3)
 Description: Add to partman support for dm-crypt encryption
 
 Package: partman-crypto-loop
 XC-Package-Type: udeb
 Architecture: all
-Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb
+Depends: partman-crypto, loop-aes-modules, mount-aes-udeb, gnupg-udeb, cdebconf-newt-entropy (>= 0.3)
 Description: Add to partman support for loop-AES encryption
Index: debian/partman-crypto.templates
===================================================================
--- debian/partman-crypto.templates	(revision 38686)
+++ debian/partman-crypto.templates	(working copy)
@@ -355,6 +355,11 @@
  be destroyed upon each reboot. This should only be used for
  swap partitions.
 
+Template: partman-crypto/install_udebs_failure
+Type: error
+_Description: Failed to download crypto components
+ An error occurred trying to download additional crypto components.
+
 Template: partman-crypto/warning_experimental_nonaudit
 Type: boolean
 Default: false
Index: active_partition/crypto_type/do_option
===================================================================
--- active_partition/crypto_type/do_option	(revision 38686)
+++ active_partition/crypto_type/do_option	(working copy)
@@ -38,6 +38,10 @@
 method=$(cat $part/method)
 
 if [ $method = crypto ]; then
+	# Load all known crypto types
+	if ! crypto_load_udebs "partman-crypto-dm partman-crypto-loop"; then
+		return 1
+	fi
 	select_crypto_type
 fi
 
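Review bot: The added failure path uses `return 1`, but the `if [ $method = crypto ]` block appears to sit at the top level of do_option rather than inside a function, and the other do_option touched by this patch uses `exit 1`. `return` outside a function or sourced file is unspecified in POSIX sh, so `exit` states the intent unambiguously: `crypto_load_udebs "partman-crypto-dm partman-crypto-loop" || exit 1`. The script starts and continues outside this hunk, so confirm it is not wrapped in a function or sourced by its caller.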
Index: crypto_tools.sh
===================================================================
--- crypto_tools.sh	(revision 38686)
+++ crypto_tools.sh	(working copy)
@@ -393,18 +393,43 @@
 	return 0
 }
 
+# Loads additional crypto udebs
+crypto_load_udebs() {
+	local templ packages package
+	packages="$1"
+	templ="partman-crypto/install_udebs_failure"
+
+	if [ -z "$packages" ]; then
+		return 1
+	fi
+
+	for package in $packages; do
+		if ! anna-install $package; then
+			db_fset $templ seen false
+			db_input critical $templ
+			db_go || true
+			return 1
+		fi
+	done
+
+	return 0
+}
+
 # Does initial setup for a crypto method:
-#  1) sets default values
-#  2) loads default modules
+#  1) Loads the appropriate udebs
+#  2) sets default values
+#  3) loads default modules
 crypto_set_defaults () {
-	local part type
+	local part type package
 	part=$1
 	type=$2
+	package=''
 
 	[ -d $part ] || return 1
 
 	case $type in
 	loop-AES)
+		package="partman-crypto-loop"
 		echo AES256 > $part/cipher
 		echo keyfile > $part/keytype
 		rm -f $part/keysize
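Review bot: crypto_load_udebs leaves no record of which udeb could not be installed: the error dialog is generic, nothing is written to the installer log, and the empty-argument case returns 1 with no message at all. Since the encryption components are now fetched at run time, a log line before the dialog would make a failed install diagnosable, for example `logger -t partman-crypto "anna-install $package failed"` ahead of `db_fset`. The header comment could also state the contract, e.g. `# $1: space-separated list of udeb names; returns 1 if any of them cannot be installed`. crypto_set_defaults, which starts in this hunk, continues past its end.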
@@ -412,6 +437,7 @@
 		rm -f $part/keyhash
 		;;
 	dm-crypt)
+		package="partman-crypto-dm"
 		echo aes > $part/cipher
 		echo 256 > $part/keysize
 		echo cbc-essiv:sha256 > $part/ivalgorithm
@@ -420,8 +446,20 @@
 		;;
 	esac
 
+	# Make sure something was configured before we go on
+	if [ -z "$package" ]; then
+		return 1
+	fi
+
+	# Pull in all additional dependencies
+	if ! crypto_load_udebs "$package"; then
+		return 1
+	fi
+
 	# Also load the modules needed for the chosen type/cipher
 	crypto_load_modules $type "$(cat $part/cipher)"
+
+	return 0
 }
 
 crypto_check_required_tools() {
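Review bot: The added `return 0` at the end of crypto_set_defaults discards the status of `crypto_load_modules`, which was previously the function's return value because it was the last command. choose_method/crypto/do_option now checks the result with `|| exit 1` and then writes `crypto_type`, so a module-load failure would pass unnoticed and the partition would still be marked dm-crypt. Propagating it keeps the check meaningful: `crypto_load_modules $type "$(cat $part/cipher)" || return 1`. Whether crypto_load_modules reports failure through its exit status is not visible in this patch and should be confirmed; the start of crypto_set_defaults is outside this hunk.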
